-
Notifications
You must be signed in to change notification settings - Fork 2.7k
Security: Backport uuidv8 vulnerabilty to v3 of msal-node too #8635
Copy link
Copy link
Open
Labels
Needs: Attention 👋Awaiting response from the MSAL.js teamAwaiting response from the MSAL.js teambug-unconfirmedA reported bug that needs to be investigated and confirmedA reported bug that needs to be investigated and confirmedconfidential-clientIssues regarding ConfidentialClientApplicationsIssues regarding ConfidentialClientApplicationsmsal-nodeRelated to msal-node packageRelated to msal-node packagequestionCustomer is asking for a clarification, use case or information.Customer is asking for a clarification, use case or information.
Description
Metadata
Metadata
Assignees
Labels
Needs: Attention 👋Awaiting response from the MSAL.js teamAwaiting response from the MSAL.js teambug-unconfirmedA reported bug that needs to be investigated and confirmedA reported bug that needs to be investigated and confirmedconfidential-clientIssues regarding ConfidentialClientApplicationsIssues regarding ConfidentialClientApplicationsmsal-nodeRelated to msal-node packageRelated to msal-node packagequestionCustomer is asking for a clarification, use case or information.Customer is asking for a clarification, use case or information.
Type
Fields
Give feedbackNo fields configured for issues without a type.
Core Library
MSAL Node (@azure/msal-node)
Core Library Version
3
Wrapper Library
Not Applicable
Wrapper Library Version
N/A
Public or Confidential Client?
Confidential
Description
#8553
Can we backport the fix to v3 as well to those of us on the older versions in our projects? That would be appreciated as v3 is still LTS.
Error Message
No response
MSAL Logs
No response
Network Trace (Preferrably Fiddler)
MSAL Configuration
Relevant Code Snippets
Reproduction Steps
npm audit
Expected Behavior
the uuid CVE should be gone
Identity Provider
Entra ID (formerly Azure AD) / MSA
Browsers Affected (Select all that apply)
None (Server)
Regression
No response